Hacking Classes - QA
Post on 30-Jan-2018
Hacking Classes
75% Hands-on Learning in Our Modern Hack Lab
Updated Regularly to Include Trending Techniques
Written by BlackHat Trainers: Available Globally
transforming performance through learning
THE ART OF HACKING
• THE ART OF HACKING
• INFRASTRUCTURE HACKING
• WEB HACKING
OTHER SPECIALIST CLASSES
• ADVANCED INFRASTRUCTURE HACKING
• APPSEC FOR DEVELOPERS
• PRACTICAL INTERNET OF THINGS (IOT) HACKING
Hacking Classes
Levels: Beginner, Intermediate, Expert
• The Art of Hacking (5 days) = Infrastructure Hacking (3 days) + Web Hacking (2 days)
• Advanced Infrastructure Hacking (5 days)
• Advanced Web Hacking, Black Belt Edition (5 days)
Becoming an information security expert
qa.com/notsosecure
© NotSoSecure Global Services Limited, 2017. All Rights Reserved
NotSoSecure Global Services Limited (Company Registration 09600047, VAT Registration 215919989) | Trading As NotSoSecure
Head Office: CB1 Business Centre, Twenty Station Road, Cambridge, CB1 2JD, UK
Registered Office: Office 75 Springfield Road, Chelmsford, Essex, CM2 6JB, UK
training@notsosecure.com Tel: +44 1223 653193
Master the Art of Hacking by building your hands-on skills in a sophisticated hack-lab with material that is delivered on the world conference stage; certified, accredited, continually updated and available globally.
The ideal introductory / intermediate training that brings together both Infrastructure Hacking and Web
Hacking into a 5-day “Art of Hacking” class designed to teach the fundamentals of what Pen Testing
is all about. This hands-on training was written to address the market need around the world for a real
hands-on, practical and hack-lab experience that focuses on what is really needed when conducting
a Penetration Test. Whilst a variety of tools are used, they are the key tools that should be in any
Penetration Tester’s kit bag. This, when combined with a sharp focus on methodology will give you
what is necessary to start or formalise your testing career.
5 DAY CLASS FOUNDATION TRACK
The Art of Hacking
One of the best classes I have taken in a long time. The content was on
point and kept me engaged. I am new to Cyber Security after 25 years in
App Development and am very pleased with what I have learned
Delegate, Black Hat USA
Written & Continually Developed By Leading
Black Hat Trainers
Key Tools That Build A Must Have Pen Tester Kit
Updated Regularly To Include Trending Techniques
This class teaches the attendees a wealth of hacking techniques to compromise the security
of various operating systems, networking devices and web application components. The class
starts from the very basics, and builds up to the level where attendees can not only use the tools
and techniques to hack various components involved in infrastructure and web hacking, but
also walk away with a solid understanding of the concepts on which these tools are based. The
class comprises 3 days of infrastructure hacking and 2 days of web hacking.
THE ART OF HACKING CLASS CONTENT
INFRASTRUCTURE HACKING
DAY 1: Infrastructure Basics
• TCP/IP Basics
• The Art of Port Scanning
• Target Enumeration
• Brute-Forcing
• Metasploit Basics
• Password Cracking
DAY 2: Hacking Unix, Databases and Applications
• Hacking Recent Unix Vulnerabilities
• Hacking Databases
• Hacking Application Servers
• Hacking third party applications (WordPress, Joomla, Drupal)
DAY 3: Hacking Windows
• Windows Enumeration
• Hacking recent Windows Vulnerabilities
• Hacking Third party software (Browser, PDF, Java)
• Post Exploitation: Dumping Secrets
• Hacking Windows Domains
WEB HACKING
DAY 4: Information Gathering, Profiling and Cross-Site Scripting
• Understanding HTTP protocol
• Identifying the Attack Surface
• Username Enumeration
• Information Disclosure
• Issues with SSL/TLS
• Cross Site Scripting
• Cross-Site Request Forgery
DAY 5: Injection, Flaws, Files and Hacks
• SQL Injection
• XXE Attacks
• OS Code Injection
• Local/Remote File include
• Cryptographic weakness
• Business Logic Flaws
• Insecure File Uploads
WHO SHOULD TAKE THIS CLASS?
System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.
Introduction into Infrastructure Testing
Gain practical experience with tools that will last you well into the future
Learn core Infrastructure techniques
Leave with the basis to take your testing knowledge forward into more Advanced Infrastructure topics
This is an entry-level Infrastructure Security and testing class and is a recommended pre-requisite for
our Advanced Infrastructure Hacking class. This class familiarises the attendees with the basics of
network hacking. A number of tools and techniques will be taught during this 3-day class. If you would
like to step into the world of Ethical Hacking / Pen Testing, this is the right class for you.
3 DAY CLASS FOUNDATION TRACK
Infrastructure Hacking
This class familiarises the attendees with a wealth of hacking tools and techniques. The class
starts from the very basics and gradually builds up to the level where attendees not only use the
tools and techniques to hack various components involved in infrastructure hacking, but also
walk away with a solid understanding of the concepts on which these tools work.
INFRASTRUCTURE HACKING CLASS CONTENT
DAY 1: Infrastructure Basics
• TCP/IP Basics
• The Art of Port Scanning
• Target Enumeration
• Brute-Forcing
• Metasploit Basics
• Password Cracking
DAY 2: Hacking Unix, Databases and Applications
• Hacking Recent Unix Vulnerabilities
• Hacking Databases
• Hacking Application Servers
• Hacking third party applications (WordPress, Joomla, Drupal)
DAY 3: Hacking Windows
• Windows Enumeration
• Hacking recent Windows Vulnerabilities
• Hacking Third party software (Browser, PDF, Java)
• Post Exploitation: Dumping Secrets
• Hacking Windows Domains
WHO SHOULD TAKE THIS CLASS?
System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.
Very organized and clearly presented. Great having hands-on experience
with individuals ready to assist when help is needed
Delegate, Black Hat USA
Infrastructure Hacking is the first part of the Art of Hacking Class.
Introduction into Web Application hacking
Practical in focus, teaching how web application security flaws are discovered
Covers leading industry standards and approaches
Builds the foundation to progress your knowledge and move into more advanced Web Application topics
This is an entry-level web Application Security-testing class and is a recommended pre-requisite for
our Advanced Web Hacking class. This class familiarises the attendees with the basics of Web and
Application hacking. A number of tools and techniques will be taught during the 2 day class. If you
would like to step into the world of ethical hacking / pen testing with a focus on web applications, then
this is the right class for you.
2 DAY CLASS FOUNDATION TRACK
Web Hacking
This class familiarises the attendees with a wealth of tools and techniques needed to breach
the security of web applications. The class starts from the very basics, and gradually builds up to
a level where attendees can not only use the tools and techniques to hack various components
involved in Web Application hacking, but also walk away with a solid understanding of the
concepts on which these tools are based. The class also covers industry standards such
as OWASP Top 10 and PCI DSS, and contains numerous real life examples to help the attendees
understand the true impact of these vulnerabilities.
WHO SHOULD TAKE THIS CLASS?
System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.
WEB HACKING CLASS CONTENT
DAY 1: Information Gathering, Profiling and Cross-Site Scripting
• Understanding HTTP protocol
• Identifying the Attack Surface
• Username Enumeration
• Information Disclosure
• Issues with SSL/TLS
• Cross Site Scripting
• Cross-Site Request Forgery
DAY 2: Injection, Flaws, Files and Hacks
• SQL Injection
• XXE Attacks
• OS Code Injection
• Local/Remote File include
• Cryptographic weakness
• Business Logic Flaws
• Insecure File Uploads
THE ART OF HACKING JOURNEY
Infrastructure Hacking is the second part of the Art of Hacking Class.
• The Art of Hacking (5 days): Infrastructure Hacking (3 days), Web Hacking (2 days)
• Exam preparation (optional: purchase extra lab time)
• Exam (Capture the Flag), 1 day. Grades shown: Ninja; Master 80-100%; 60-80%
• CREST Registered Tester exam
• Certification: CREST Registered Tester
5 DAY CLASS ADVANCED TRACK
Advanced Infrastructure Hacking
Latest exploits, highly relevant.
Teaching a wide variety of offensive hacking techniques.
Written by real Pen Testers with a world conference reputation (BlackHat, AppSec, OWASP, Defcon etc).
An Advanced Infrastructure Hacking class designed for those who wish to push their knowledge. The
fast-paced class teaches the audience a wealth of hacking techniques to compromise various operating
systems and networking devices. The class will cover advanced penetration techniques to achieve
exploitation and will familiarise you with hacking of common operating systems, networking devices
and much more. From hacking Domain Controllers to local root, VLAN Hopping to VoIP Hacking, we
have got everything covered.
Whether you are Penetration Testing, Red Teaming, or hoping to gain a better understanding of
managing vulnerabilities in your environment, understanding advanced hacking techniques for
infrastructure devices and systems is critical.
The Advanced Infrastructure class will get the attendees familiarised with a wealth of hacking
techniques for common Operating Systems and networking devices. While prior Pen Testing
experience is not a strict requirement, prior use of common hacking tools such as Metasploit
is recommended for this class.
This course was exactly as described. It delivered good, solid information on the current state of infrastructure hacking at the rapid pace promised. This was a great way to get back into this area after years away from it.
Delegate, Black Hat USA
• Advanced Infrastructure Hacking (5 days)
• Exam preparation (optional: purchase extra lab time)
• CREST CCT exam
• CCT INF: CREST Certified Infrastructure Tester
WHO SHOULD TAKE THIS CLASS?
The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skillset.
DAY 1
• IPv4 and IPv6 Refresher
• Advanced topics in network Scanning
• Understanding and exploiting IPv6 Targets
• OSINT, DVCS Exploitation
• Advanced OSINT Data gathering
• Exploiting git and Continuous Integration (CI) servers
• Database Servers
• Mysql
• Postgres
• Oracle
• Recent Vulnerabilities
• Heart-Bleed and Shell-Shock
• PHP Serialization Exploit
• Web-sphere Java Exploits
DAY 2
• Windows Exploitation
• Domain and User Enumeration
• AppLocker / GPO Restriction Bypass
• Local Privilege Escalation
• Post Exploitation #1 (AMSI Bypass & Mimikatz)
• Post Exploitation #2 (LSASecrets)
DAY 3
• AD Exploitation
• Active Directory Delegation issues
• WOW64
• Pivoting and WinRM
• Persistence (Golden Ticket and DCSync)
• Lateral Movement Using WMIC
DAY 4
• Linux Exploitation
• Port scanning and Enumeration
• FS + SSH
• Privilege Escalation
• rservices
• Apache
• X11 Services
DAY 5
• Container Breakout
• Docker breakout
• VPN Exploitation
• VPN
• VoIP Exploitation
• VoIP enumeration
• VoIP exploitation
• VLAN Exploitation
• VLAN concepts
• VLAN hopping attacks
2 DAY CLASS SPECIALIST TRACK
AppSec for Developers
Covers latest industry standards such as OWASP Top 10
Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)
Thorough guidance on security best practices (such as HTTP headers like CSP, HSTS etc.)
References to real world analogy for each vulnerability
Hands-on labs
Internet distribution of all course materials
Pen Testing as an activity tends to capture security vulnerabilities at the end of the SDLC and is often
too late to be able to influence fundamental changes in the way code is written.
We wrote this class because of the need for developers to develop code and applications in a secure
manner. It does not need to be more time consuming, but it is critical to introduce security as a quality
component into the development cycle. The class does not target any particular web development
platform, but does target the general insecure coding flaws developers make while developing
applications. The examples used in the class include web development technologies such as ASP, .NET,
JAVA and PHP.
WHO SHOULD TAKE THIS CLASS?
This class is ideal for: Software/Web developers, PL/SQL developers, Penetration Testers, Security Auditors, Administrators and DBAs and Security Managers.
A highly-practical class that targets web developers, pen testers, and anyone else who would
like to learn about writing secure code, or to audit code against security flaws. The class covers
a variety of best security practices and defense in-depth approaches, which developers should
be aware of while developing applications.
Students will be provided access to infrastructure on which they will identify vulnerable code
and associated remediation. While the class covers industry standards such as OWASP Top
10 and SANS top 25 security issues, it also talks about real world issues that don’t find a
mention in these lists. The class does not focus on any particular web development language
/ technology but instead on the core principles. Examples include PHP, .NET, classic ASP and
Java.
DAY 1
Module 1. Application Security Basics
Module 2. Understanding the HTTP protocol
Module 3. Issues with SSL/TLS
Module 4. Information Disclosure
Module 5. Authentication Flaws
Module 6. Authorization Bypass
DAY 2
Module 7. Cross Site Scripting (XSS)
Module 8. Cross Site Request Forgery (CSRF)
Module 9. SQL Injection
Module 10. XML External Entity (XXE) Attacks
Module 11. Insecure File Uploads
Module 12. Client Side Security
Module 13. Source Code Review
5 DAY BOOTCAMP SPECIALIST TRACK
Practical IoT Hacking Training
“The great power of Internet Of Things comes with the great responsibility of security”. Being the
hottest technology, the developments and innovations are happening at a stellar speed, but the
security of IoT is yet to catch up. Since the safety and security repercussions are serious and at
times life threatening, there is no way you can afford to neglect the security of IoT products.
“Practical Internet of Things (IoT) Hacking” is a unique, research-backed course which offers
security professionals a comprehensive understanding of the complete IoT technology suite,
including IoT protocols, sensors, client side, mobile, cloud and their underlying weaknesses. The
extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit
or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.
The course focuses on the entire attack surface of current and evolving IoT technologies in
various domains such as home, enterprise and industrial automation. It covers, from the ground up,
various IoT protocols including internals, specific attack scenarios for individual protocols and
the open source software/hardware tools one needs to have in their IoT penetration testing arsenal.
We also discuss in detail how to attack the underlying hardware of the sensors using various
practical techniques. In addition to the protocols and hardware we will extensively focus on
reverse engineering mobile apps and native ARM/MIPS code to find weaknesses.
Throughout the course, we will use DRONA, a VM created by us specifically for IoT penetration
testing. DRONA is the result of our R&D and has most of the required tools for IoT security
analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on
exercises.
The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who
want to enhance their skills and move to/specialise in IoT security. The course is structured for
beginner to intermediate level attendees who do not have any experience in IoT, reversing or
hardware.
What to expect
• Hands-on Labs
• Reversing fun
• Getting familiar with the IoT security
• This course will give you a direction to start performing pentests on IoT products
What not to expect
• Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pentesting IoT devices and sharpen your skills.
WHO SHOULD TAKE THIS CLASS?
• Penetration testers tasked with auditing IoT
• Bug hunters who want to find new bugs in IoT products
• Government officials from defensive or offensive units
• Red team members tasked with compromising the IoT infrastructure
• Security professionals who want to build IoT security skills
• Embedded security enthusiasts
• IoT Developers and testers
• Anyone interested in IoT security
PRE-REQUISITES
• Basic knowledge of web and mobile security
• Basic knowledge of Linux OS
• Basic knowledge of programming (C, Python) would be a plus
WHAT WILL BE PROVIDED
• Commercial IoT Devices for hands-on during the class
• DIVA - IoT: custom vulnerable IoT sensor Testbed
• Hardware tools for sensor analysis
• Drona VM - Platform for IoT Penetration testing
• DIVA - ICS: Custom Vulnerable ICS Testbed VM
• Training material/slides (500+ pages) PDFs
Course Outline
• Introduction to IoT
• IoT Architecture
• Identify attack surfaces
• IoT Protocols Overview
• MQTT
  – Introduction
  – Protocol Internals
  – Reconnaissance
  – Information leakage
  – Hands-on with open source tools
• CoAP
  – Introduction
  – Protocol Internals
  – Reconnaissance
  – Cross-protocol attacks
  – Hands-on with open source tools
• M2MXML
  – Introduction
  – m2mxml format
  – Security issues
• Industrial IoT Protocols Overview
• Modbus
  – Introduction and protocol Overview
  – Reconnaissance (Active and Passive)
  – Sniffing and Eavesdropping
  – Baseline Response Replay
  – Modbus Flooding
  – Modifying Coil and register values of PLC
  – Rogue Interloper (PLC)
  – Hands-on with open source tools
• CanBus
  – Introduction and protocol Overview
  – Reconnaissance (Active and Passive)
  – Sniffing and Eavesdropping
  – Replay Attack
  – Hands-on with open source tools
• Understanding Radio
  – Signal Processing
  – Software Defined Radio
  – Gnuradio
  – Introduction to gnuradio concepts
  – Creating a flow graph
  – Analysing radio signals
  – Recording specific radio signal
  – Replay Attacks
  – Reverse engineering OOK radio signals to extract communication data
  – Generating a signal
  – Hands-on with a wireless key fob and door bell
• Radio IoT Protocols Overview
• Zigbee
  – Introduction and protocol Overview
  – Reconnaissance (Active and Passive)
  – Sniffing and Eavesdropping
  – Replay attacks
  – Encryption Attacks
  – Packet Forging attack
  – Zigbee hardware analysis
  – Hands-on with RZUSBstick and open source tools
• Bluetooth Classic and BLE
  – Introduction and protocol Overview
  – Reconnaissance (Active and Passive) with HCI tools
  – GATT service Enumeration
  – Sniffing GATT protocol communication
  – Reversing GATT protocol communication
  – Read and writing on GATT protocol
  – L2cap smashing
  – Cracking encryption
  – MITM attacks
  – Hands-on with open source tools
• IoT hardware Overview
• Device Reconnaissance
• Conventional Attacks
• Firmware
  – Types
  – Firmware sources
  – Firmware analysis and reversing
  – Firmware modification
  – Firmware encryption
  – Simulating device environments
• External Storage Attacks
  – Symlink files
  – Compressed files
• Introduction to hardware
  – Components
  – PCB
  – Resistors, Capacitors, Inductors, crystal etc
  – Micro-Controllers
  – Memory chips
  – SoC
  – Vcc & Gnd
  – DC/AC Voltage
  – Memory
  – CMOS
  – EEPROM
  – FLASH
  – Packages
  – Through hole
  – Surface mount
  – Ball Grid Array
• Hardware Tools
  – Bus Pirate
  – Jtagulator
  – Logic Analyzer
• Attacking Hardware Interfaces
  – Hardware Reconnaissance
  – Analyzing the board
  – Datasheets
  – UART
  – What is UART
  – Identifying UART interface
  – Method 1
  – Method 2
  – Accessing sensor via UART
  – I2C
  – Introduction
  – I2C Protocol
  – Interfacing with I2C
  – Manipulating Data via I2C
  – Sniffing run-time I2C communication
  – SPI
  – Introduction
  – SPI Protocol
  – Interfacing with SPI
  – Manipulating data via SPI
  – Sniffing run-time SPI communication
  – JTAG
  – Introduction
  – Identifying JTAG interface
  – Method 1
  – Method 2
  – Run-time analysis and data extraction with openocd
• Side channel attacks
  – Clock Glitch Attack
  – VCC Glitch Attack
  – Timing Analysis with Power
  – Breaking AES with SCA
• Mobile security (Android)
  – Introduction to Android
  – App architecture
  – Security architecture
  – App reversing and Analysis
  – Input validation attacks
  – Insecure Storage
  – Access control attacks
  – Hardcoding issues
• ARM
  – Architecture
  – Instruction Set
  – Procedure call convention
  – System call convention
  – Reversing
  – Hands-on Labs
• MIPS
  – Architecture
  – Instruction Set
  – Procedure call convention
  – System call convention
  – Reversing
  – Hands-on Labs
About The Trainer
Aseem Jakhar is the Director, Research at Payatu Software Labs (payatu.com), a boutique security testing
company. He is well known in the hacking and security community as the founder of null - The open
security community, a registered not-for-profit organization (http://null.co.in), and also the founder of the nullcon
security conference (nullcon.net) and the hardwear.io security conference (http://hardwear.io). He has worked on
various security software including UTM appliances, messaging/security appliances, anti-spam engine,
anti-virus software, transparent HTTPS proxy with captive portal and Bayesian spam filter, to name a few. He
currently spends his time researching IoT security and hacking things. He is an active speaker and
trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, PHDays
and many more. He is the author of the open source Linux thread injection kit Jugaad and of Indroid, which
demonstrate a stealthy in-memory malware infection technique. He has also authored an open source app,
DIVA (Damn Insecure and Vulnerable App) for Android, which gamifies Android app vulnerabilities and is
used for learning Android security issues.
At QA we have developed the most comprehensive end-to-end Cyber Security training portfolio with over 75 public cyber courses, from the QA 10 Cyber Domains, we offer Cyber Certifications, Cyber Assurance and Cyber Defence training, from end-user to executive board level courses as well as advanced programmes for Security Professionals. In a supportive, hands-on learning environment, our public, private and bespoke training courses meet the needs of individuals, employers and enterprise. Visit QA.COM/CYBER for more information.
Founded by world renowned Penetration Tester Sumit “Sid” Siddarth and well-known Cyber Security entrepreneur Dan Haagman, NotSoSecure is a specialist Firm focused on Hacking Training and Penetration Testing. A global Black Hat Training provider in US and Europe. We Hack. We Teach. Visit notsosecure.com for more information.
Call 0345 074 7978 to talk to QA on your NotSoSecure training needs.
Visit – qa.com/notsosecure for the latest course details.
Search #SkillsfortheDigitalAge